My TryHackMe Writeups
Writing THM excersise solvings here and my thoughts on how to solve them
Project maintained by NaystyX Hosted on GitHub Pages — Theme by mattgraham
Mr Robot CTF
https://tryhackme.com/room/mrrobot
Tasks
In this CTF I have 3 keys I need to find, so I will begin as always with nmap
Going to the https page opens a cmd where you can type but first I wanna know anything the program would try to hide.
For that I will do gobuster and check /robots.txt. From robots.txt I find key-1-of-3.txt so I go there and see first key… that was easy.
While my gobuster is doing it’s thing I tried the cmd and it told me to use help
Running these commands take us to different pages of videos and pictures
These aren’t probably important just propaganda from the "fsociety" but after running join I get greeted by mr. robot.
Tho after giving my fake email it just put me back to the start. Although my gobuster wasn’t finished yet I saw wp-admin and wp-login there so I knew it was a wordpress page and went to login page
Doing a robots.txt I found another page fsociety.dic which I had downloaded incase I need it, so that I can use it with hydra.
So I found a user Elliot, lets try to hydra it’s password with the same dictionary and get ER28-0652
I went around the tabs and found Editor where I can change different pages, so I can put a reverse shell there.
I updated the 404 Template and put a netcat to listen to port 4444, after going to 404.php page I got access to shell
I found the key2 but I cannot cat it, so I checked password.raw-md5 and got robot:c3fcd3d76192e4007dfb496cca67e13b
So now we can su robot and get the second flag.
After that I was a bit stuck so I looked at the hint and it said nmap, so I went to check GTFOBins for nmap.
So I ran nmap --interactive and in there !sh and I got root access, then I headed to /root/ and found the last flag
Conclusion
Definitely on the more difficult side for me, but also interesting, although I didn’t get any references since it was based on a movie apparently.